Botan  2.7.0
Crypto and TLS for C++11
tiger.cpp
Go to the documentation of this file.
1 /*
2 * Tiger
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/tiger.h>
9 #include <botan/exceptn.h>
10 
11 namespace Botan {
12 
13 std::unique_ptr<HashFunction> Tiger::copy_state() const
14  {
15  return std::unique_ptr<HashFunction>(new Tiger(*this));
16  }
17 
18 namespace {
19 
20 /*
21 * Tiger Mixing Function
22 */
23 inline void mix(secure_vector<uint64_t>& X)
24  {
25  X[0] -= X[7] ^ 0xA5A5A5A5A5A5A5A5;
26  X[1] ^= X[0];
27  X[2] += X[1];
28  X[3] -= X[2] ^ ((~X[1]) << 19);
29  X[4] ^= X[3];
30  X[5] += X[4];
31  X[6] -= X[5] ^ ((~X[4]) >> 23);
32  X[7] ^= X[6];
33 
34  X[0] += X[7];
35  X[1] -= X[0] ^ ((~X[7]) << 19);
36  X[2] ^= X[1];
37  X[3] += X[2];
38  X[4] -= X[3] ^ ((~X[2]) >> 23);
39  X[5] ^= X[4];
40  X[6] += X[5];
41  X[7] -= X[6] ^ 0x0123456789ABCDEF;
42  }
43 
44 }
45 
46 /*
47 * Tiger Compression Function
48 */
49 void Tiger::compress_n(const uint8_t input[], size_t blocks)
50  {
51  uint64_t A = m_digest[0], B = m_digest[1], C = m_digest[2];
52 
53  for(size_t i = 0; i != blocks; ++i)
54  {
55  load_le(m_X.data(), input, m_X.size());
56 
57  pass(A, B, C, m_X, 5); mix(m_X);
58  pass(C, A, B, m_X, 7); mix(m_X);
59  pass(B, C, A, m_X, 9);
60 
61  for(size_t j = 3; j != m_passes; ++j)
62  {
63  mix(m_X);
64  pass(A, B, C, m_X, 9);
65  uint64_t T = A; A = C; C = B; B = T;
66  }
67 
68  A = (m_digest[0] ^= A);
69  B = m_digest[1] = B - m_digest[1];
70  C = (m_digest[2] += C);
71 
72  input += hash_block_size();
73  }
74  }
75 
76 /*
77 * Copy out the digest
78 */
79 void Tiger::copy_out(uint8_t output[])
80  {
81  copy_out_vec_le(output, output_length(), m_digest);
82  }
83 
84 /*
85 * Tiger Pass
86 */
87 void Tiger::pass(uint64_t& A, uint64_t& B, uint64_t& C,
88  const secure_vector<uint64_t>& X,
89  uint8_t mul)
90  {
91  C ^= X[0];
92  A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
93  SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
94  B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
95  SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
96  B *= mul;
97 
98  A ^= X[1];
99  B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
100  SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
101  C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
102  SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
103  C *= mul;
104 
105  B ^= X[2];
106  C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
107  SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
108  A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
109  SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
110  A *= mul;
111 
112  C ^= X[3];
113  A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
114  SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
115  B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
116  SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
117  B *= mul;
118 
119  A ^= X[4];
120  B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
121  SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
122  C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
123  SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
124  C *= mul;
125 
126  B ^= X[5];
127  C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
128  SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
129  A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
130  SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
131  A *= mul;
132 
133  C ^= X[6];
134  A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
135  SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
136  B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
137  SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
138  B *= mul;
139 
140  A ^= X[7];
141  B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
142  SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
143  C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
144  SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
145  C *= mul;
146  }
147 
148 /*
149 * Clear memory of sensitive data
150 */
152  {
154  zeroise(m_X);
155  m_digest[0] = 0x0123456789ABCDEF;
156  m_digest[1] = 0xFEDCBA9876543210;
157  m_digest[2] = 0xF096A5B4C3B2E187;
158  }
159 
160 /*
161 * Return the name of this type
162 */
163 std::string Tiger::name() const
164  {
165  return "Tiger(" + std::to_string(output_length()) + "," +
166  std::to_string(m_passes) + ")";
167  }
168 
169 /*
170 * Tiger Constructor
171 */
172 Tiger::Tiger(size_t hash_len, size_t passes) :
173  MDx_HashFunction(64, false, false),
174  m_X(8),
175  m_digest(3),
176  m_hash_len(hash_len),
177  m_passes(passes)
178  {
179  if(output_length() != 16 && output_length() != 20 && output_length() != 24)
180  throw Invalid_Argument("Tiger: Illegal hash output size: " +
182 
183  if(passes < 3)
184  throw Invalid_Argument("Tiger: Invalid number of passes: "
185  + std::to_string(passes));
186  clear();
187  }
188 
189 }
fe X
Definition: ge.cpp:27
void clear() override
Definition: mdx_hash.cpp:33
std::string name() const override
Definition: tiger.cpp:163
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:210
size_t hash_block_size() const override final
Definition: mdx_hash.h:32
Tiger(size_t out_size=24, size_t passes=3)
Definition: tiger.cpp:172
void clear() override
Definition: tiger.cpp:151
T load_le(const uint8_t in[], size_t off)
Definition: loadstor.h:121
Definition: alg_id.cpp:13
size_t output_length() const override
Definition: tiger.h:22
fe T
Definition: ge.cpp:37
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
std::unique_ptr< HashFunction > copy_state() const override
Definition: tiger.cpp:13
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:183
void copy_out_vec_le(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
Definition: loadstor.h:690